Your users are initially authenticated through the identity bridge, and for most purposes this single, secure authentication is sufficient. However, you can choose a secondary level of authentication as well. Together, the primary and secondary levels of authentication are known as multi-factor authentication.
You can apply the authentication policy to all users, or a subset of your users based on group membership or IP address. The policy applies to:
- SSO to PingOne.
- All SAML-enabled applications.
- Selected SAML-enabled applications.
You can also apply secondary authentication to the PingOne admin portal.